﻿using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;

/// <summary>
/// Summary description for UserCredentialsDAL
/// </summary>
public class UserCredentialsDAL : DALBase
{

    #region CREATE

    public void NewUserCredentials(UserCredentials userC)
    {
        using (SqlConnection conn = CreateConnection()) 
        {
            try
            {                
                var cmd = new SqlCommand("dbo.usp_CreateUserCredentials", conn);
                cmd.CommandType = CommandType.StoredProcedure;

                cmd.Parameters.Add("@UserID", SqlDbType.Int, 4).Direction = ParameterDirection.Output;

                cmd.Parameters.Add("@Username", SqlDbType.VarChar, 50).Value = userC.Username;
                cmd.Parameters.Add("@UserPassword", SqlDbType.VarChar, 50).Value = userC.Password;
                cmd.Parameters.Add("@Email", SqlDbType.VarChar, 50).Value = userC.Email;
                cmd.Parameters.Add("@Salt", SqlDbType.VarChar, 20).Value = userC.Salt;

                conn.Open(); 
                cmd.ExecuteNonQuery();
                userC.UserID = (Int32)cmd.Parameters["@UserID"].Value; 
            }
            catch
            {
                throw new ApplicationException("An error has occured in the data access layer.");
            }

        }
    }

    #endregion



    #region READ

    public UserCredentials UserCredentialsOnUsername(string username)
    {
        Sanitize sanitize = new Sanitize();
        using (SqlConnection conn = CreateConnection())
        {
            try
            {
                SqlCommand cmd = new SqlCommand("dbo.usp_GetUserCredentialsOnUsername", conn);
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@Username", username);

                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {

                    if (reader.Read())
                    {

                        var UserIDIndex = reader.GetOrdinal("UserID");
                        var UserPasswordIndex = reader.GetOrdinal("UserPassword");
                        var EmailIndex = reader.GetOrdinal("Email");
                        var UserRoleIndex = reader.GetOrdinal("UserRole");
                        var SaltIndex = reader.GetOrdinal("Salt");
                        var UserSignatureIndex = reader.GetOrdinal("UserSignature");

                        return new UserCredentials
                        {
                            UserID = reader.GetInt32(UserIDIndex),
                            Username = username,
                            Password = reader.GetString(UserPasswordIndex),
                            Email = sanitize.DecodeText(reader.GetString(EmailIndex)),
                            UserRole = sanitize.DecodeText(reader.GetString(UserRoleIndex)),
                            Salt = reader.GetString(SaltIndex),
                            Signature = sanitize.DecodeText(reader.GetString(UserSignatureIndex)),
                        };
                    }
                }
                return null;
            }
            catch
            {
                throw new ApplicationException("an error has occured in the data access layer");
            }
        }
    }


    public UserCredentials UserCredentialsOnID(int userID)
    {
        Sanitize sanitize = new Sanitize();
        using (SqlConnection conn = CreateConnection())
        {
            try
            {
                SqlCommand cmd = new SqlCommand("dbo.usp_GetUserCredentialsOnUserID", conn);
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@UserID", userID);

                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        var UsernameIndex = reader.GetOrdinal("Username");
                        var UserPasswordIndex = reader.GetOrdinal("UserPassword");
                        var EmailIndex = reader.GetOrdinal("Email");
                        var SignatureIndex = reader.GetOrdinal("UserSignature");

                        return new UserCredentials
                        {
                            UserID = userID,
                            Username = reader.GetString(UsernameIndex),
                            Password = reader.GetString(UserPasswordIndex),
                            Email = sanitize.DecodeText(reader.GetString(EmailIndex)),
                            Signature = sanitize.DecodeText(reader.GetString(SignatureIndex)),
                        };
                    }
                }
 
                return null;
            }
            catch
            {
                throw new ApplicationException("an error has occured in the data access layer");
            }
        }
    }



    #endregion





    #region UPDATE

    public void UpdateUserPasswordOnUserID(UserCredentials userC)
    {
        using (SqlConnection conn = CreateConnection()) 
        {
            try
            {
                var cmd = new SqlCommand("dbo.usp_UpdateUserPasswordOnUserID", conn);
                cmd.CommandType = CommandType.StoredProcedure;

                cmd.Parameters.Add("@UserID", SqlDbType.Int, 4).Value = userC.UserID;
                cmd.Parameters.Add("@UserPassword", SqlDbType.VarChar, 50).Value = userC.Password;
                cmd.Parameters.Add("@Salt", SqlDbType.VarChar, 20).Value = userC.Salt;

                conn.Open();  
                cmd.ExecuteNonQuery();
            }
            catch
            {
                throw new ApplicationException("An error has occured in the data access layer.");
            }
        }
    }

    public void UpdateUserEmailAndSignatureOnUserID(UserCredentials userC)
    {
        using (SqlConnection conn = CreateConnection()) 
        {
            try
            {
                var cmd = new SqlCommand("dbo.usp_UpdateUserEmailAndSignatureOnUserID", conn);
                cmd.CommandType = CommandType.StoredProcedure;

                cmd.Parameters.Add("@UserID", SqlDbType.Int, 4).Value = userC.UserID;
                cmd.Parameters.Add("@Signature", SqlDbType.VarChar, 150).Value = userC.Signature;
                cmd.Parameters.Add("@Email", SqlDbType.VarChar, 50).Value = userC.Email;

                conn.Open();
                cmd.ExecuteNonQuery();
            }
            catch
            {
                throw new ApplicationException("An error has occured in the data access layer.");
            }
        }
    }

    #endregion





    #region DELETE

    #endregion



    
}